{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"MPlayer 0.91 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"MPlayer 0.90pre series ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"MPlayer 0.90 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"MPlayer 1.0pre3.","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"MPlayer 1.0pre1 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"MPlayer 1.0pre2 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"MPlayer 0.90rc series ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nMPlayer est un lecteur multim\u00e9dia fonctionnant sous Linux. Une\nvuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la mise en \u0153uvre de la fonction de\ntraitement des ent\u00eates HTTP :  \nhttp_build_request(). Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un\nutilisateur mal intentionn\u00e9, via une page d'un site malicieux, afin\nd'ex\u00e9cuter du code arbitraire sur la machine.\n\n## Solution\n\nAppliquer le correctif fourni par l'\u00e9diteur (cf. Documentation).\n","cves":[],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Mandrake MDKSA-2004:026 :","url":"http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:026"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 du paquetage NetBSD mplayer :","url":"ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/vulnerabilities"},{"title":"Avis de s\u00e9curit\u00e9 pour le paquetage OpenBSD mplayer du 30    mars 2004 :","url":"http://www.vuxml.org/openbsd/"},{"title":"Avis de s\u00e9curit\u00e9 FreeBSD du 31 mars 2004 :","url":"http://www.vuxml.org/freebsd/"},{"title":"Correctif de la vuln\u00e9rabilit\u00e9 :","url":"http://mp.dev.hu/MPlayer/patches/vuln02-fix.diff"},{"title":"Avis de s\u00e9curit\u00e9 Gentoo GLSA 200403-13 :","url":"http://www.gentoo.org/security/en/glsa/glsa-200403-13.xml"}],"reference":"CERTA-2004-AVI-107","revisions":[{"description":"version initiale.","revision_date":"2004-04-02T00:00:00.000000"},{"description":"ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 de Mandrake.","revision_date":"2004-04-06T00:00:00.000000"},{"description":"ajout de la r\u00e9f\u00e9rence CVE.","revision_date":"2004-05-10T00:00:00.000000"},{"description":"ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 FreeBSD, OpenBSD et NetBSD.","revision_date":"2004-05-12T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans certaines versions de MPlayer.\n","title":"Vuln\u00e9rabilit\u00e9 dans MPlayer","vendor_advisories":[{"published_at":null,"title":"Avis de s\u00e9curit\u00e9 MPLAYERHQ.HU","url":"http://mp.dev.hu/homepage/design6/news.html"}]}